Icon

Privacy Policy

About This Policy

This Privacy Policy explains how Habsy Inc ("Habsy", "we", "us", "our") collects, uses, discloses, and safeguards personal information when you use our website at https://habsy.ai/ ("Website") and our application, Habsy Business Card Manager (collectively, the "Service"). By using the Service, you consent to the practices described here.

Icon

Last Updated: October 6, 2025

Company Details

Habsy Inc
TD Canada Trust Tower, 161 Bay Street, 27th Floor, PO Box 508, Toronto, Ontario M5J 2S1, Canada

Interpretation and Definitions

  • Account: A unique account created for you to access our Service. Application: The Habsy Business Card Manager mobile/desktop application.

  • Personal Information: Information about an identifiable individual as defined under PIPEDA.

  • Service Provider: A third party that processes information on our behalf under contract.

  • Website: https://habsy.ai/

  • You: The individual using the Service or the entity on whose behalf it is used.

PIPEDA Principles We Follow

  • Accountability

  • Identifying Purposes

  • Consent

  • Limiting Collection

  • Limiting Use, Disclosure, and Retention

  • Accuracy

  • Safeguards

  • Openness

  • Individual Access

  • Challenging Compliance

Accountability and Privacy Officer

We are responsible for personal information in our custody or control. We have appointed a Privacy Officer who oversees compliance with this Policy and PIPEDA.
Privacy Officer: ramanan@habsy.ai
Postal: Ramanaraj, CSPO, Habsy Inc, TD Canada Trust Tower, 161 Bay Street, 27th Floor, PO Box 508, Toronto, Ontario M5J 2S1, Canada

Identifying Purposes (Why We Collect Information)

We collect personal information for the following purposes:

  • To provide and operate the Service (e.g., digitize business cards, manage contacts, enable search and sharing you initiate).

  • To create and manage accounts, authenticate users, and provide user support.

  • To communicate service updates, transactional notices, and (with your consent) marketing.

  • To maintain security, prevent fraud and abuse, and enforce our terms.

  • To analyze usage and improve features, performance, and reliability.

  • To comply with legal requirements and exercise or defend legal claims.

Consent

  • We obtain your consent for collection, use, and disclosure unless otherwise permitted or required by law.

  • Consent may be express (e.g., accepting prompts, toggles, or forms) or implied (e.g., when the purpose is obvious and you voluntarily provide the information).

  • Mobile permissions (e.g., camera/photos, contacts, location) are requested before use. You can change permissions in your device settings at any time.

  • You can withdraw consent at any time, subject to legal or contractual restrictions, by contacting ramanan@habsy.ai or adjusting in-app/browser settings. We will explain any implications of withdrawal (e.g., certain features may stop working).

Limiting Collection

We limit collection to information necessary for the purposes identified. We collect information directly from you, from your device when you use the Service, and in some cases from integrated services you enable.

Information We Collect

  • Account and Profile: name, email address, password hashes, preferences, and organization information you provide.

  • Content You Provide: images of business cards and related notes/labels you add.

  • Device and Usage Data: IP address, device identifiers, device and browser type, inferred locale/language, app version, pages/screens visited, time spent, diagnostic logs, crash data, and performance metrics. - In‑App Permissions (optional and with your consent):

  • Contacts: to import/select contacts you explicitly choose.

  • Camera/Photos/Media: to scan or attach business cards and images you select.

  • Location: to power location‑based features you enable.

  • Cookies and Similar Technologies: We use cookies, local storage, and web beacons to remember preferences, secure sessions, and measure usage. You can manage cookies via your browser; some features may not function without them.

How We Use Personal Information

  • To deliver core functionality, including scanning and organizing business cards, contact management, and features you request.

  • To personalize your experience and remember your settings.

  • To provide support, detect and remediate incidents, and maintain integrity and security of the Service.

  • To send service communications and, with consent, marketing. You can opt out of marketing at any time.

  • To analyze and improve Service performance, quality, and usability (using aggregated or de‑identified data where possible).

Limiting Use, Disclosure, and Retention

Use and Disclosure

We use and disclose personal information only for the purposes identified above, unless we obtain additional consent or are permitted/required by law to do otherwise.

Service Providers

We engage trusted Service Providers (e.g., cloud hosting, analytics, email delivery, customer support tools) that process personal information on our behalf under written agreements requiring confidentiality, appropriate safeguards, and use only as instructed. Some providers may operate outside Canada (e.g., in the United States or other jurisdictions). We take contractual and organizational measures to protect your information when transferred cross‑border.

Legal, Safety, and Business Transfers

We may disclose information to comply with law, respond to lawful requests, or protect rights, safety, and property. In a merger, acquisition, financing, or sale of assets, personal information may be transferred as permitted by law; we will continue to protect it and provide notice where required.

Retention

We retain personal information only as long as necessary to fulfill the identified purposes and as required by law. In general:

  • Account data is retained while your account is active. Upon account deletion, we delete or de‑identify account data within a reasonable period, subject to legal retention.

  • Business card images and derived contact data are retained until you delete them or your account, after which they are deleted or de‑identified within a reasonable period.

  • Security/diagnostic logs are typically retained for a limited period to ensure integrity and investigate issues. You may request deletion at any time (see "Your Rights").

Safeguards

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including:

  • Encryption in transit and at rest (where applicable).

  • Access controls with least‑privilege and multi‑factor authentication for administrators.

  • Segregation of environments, logging, and security monitoring.

  • Vendor and change management, and secure software development practices. No method of transmission or storage is 100% secure; we continuously improve our safeguards.

Openness

We make our privacy practices readily available through this Policy and related notices. For general PIPEDA guidance, see the Office of the Privacy

Commissioner of Canada (OPC):

Your Rights (Access, Correction, Withdrawal of Consent)

⦁ Access: You may request access to your personal information in our custody, information about how it has been used and to whom it has been disclosed.

⦁ Correction: You may request corrections if your information is inaccurate or incomplete.

⦁ Withdrawal of Consent: You may withdraw consent for future collection, use, or disclosure (subject to legal/contractual limits) and we will explain any impacts on the Service. We will respond to verified requests within the timelines required by law. To exercise these rights, contact contact@habsy.ai.

Challenging Compliance

You may submit questions or complaints about our privacy practices to our Privacy Officer at ramanan@habsy.ai. We will investigate and respond. If you are not satisfied, you may contact the OPC: Office of the Privacy Commissioner of Canada (OPC) https://www.priv.gc.ca/en/

Breach Response and Notification

We assess all security incidents involving personal information. Where a breach creates a real risk of significant harm (RROSH), we will notify affected individuals and report to the OPC as required by law, maintain records of all breaches, and take steps to mitigate risks. OPC guidance: https://www.priv.gc.ca/en/privacy-topics/business-privacy/breaches-and-safeguards/privacy-breaches-at-your-business/gd_pb_201810/

Links to Other Websites

The Service may contain links to third‑party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

Changes to This Policy

We may update this Policy from time to time. We will post the updated Policy with a new "Last Updated" date. If changes are material, we will provide additional notice as appropriate.

Contact Us

If you have questions, requests, or complaints about privacy,
contact: ramanan@habsy.ai
Habsy Inc
TD Canada Trust Tower, 161 Bay Street, 27th Floor, PO Box 508, Toronto, Ontario M5J 2S1, Canada